Mathematics / Matematik
Permanent URI for this collectionhttps://hdl.handle.net/11147/8
Browse
2 results
Search Results
Article Citation - WoS: 89Obtaining a Secure and Efficient Key Agreement Protocol From (h)mqv and Naxos (extended Version)(International Association for Cryptologic Research, 2009) Ustaoğlu, BerkantLaMacchia, Lauter and Mityagin recently presented a strong security definition for authenticated key agreement strengthening the well-known Canetti-Krawczyk definition. They also described a protocol, called NAXOS, that enjoys a simple security proof in the new model. Compared to MQV and HMQV, NAXOS is less efficient and cannot be readily modified to obtain a one-pass protocol. On the other hand MQV does not have a security proof, and the HMQV security proof is extremely complicated. This paper proposes a new authenticated key agreement protocol, called CMQV (`Combined' MQV), which incorporates design principles from MQV, HMQV and NAXOS. The new protocol achieves the efficiency of HMQV and admits a natural one-pass variant. Moreover, we present a simple and intuitive proof that CMQV is secure in the LaMacchia-Lauter-Mityagin model.Conference Object Citation - WoS: 34On the Importance of Public-Key Validation in the Mqv and Hmqv Key Agreement Protocols(Springer Verlag, 2006) Menezes, Alfred; Ustaoğlu, BerkantHMQV is a hashed variant of the MQV key agreement protocol proposed by Krawczyk at CRYPTO 2005. In this paper, we present some attacks on HMQV and MQV that are successful if public keys are not properly validated. In particular, we present an attack on the two-pass HMQV protocol that does not require knowledge of the victim's ephemeral private keys. The attacks illustrate the importance of performing some form of public-key validation in Diffie-Hellman key agreement protocols, and furthermore highlight the dangers of relying on security proofs for discrete-logarithm protocols where a concrete representation for the underlying group is not specified.